With the end of the year drawing near, as we prepare to usher in 2025,…
CMIA Requires Annual Authorization for Specific Disclosures of PHI
The California Medical Information Act (CMIA), which differs slightly from the Federal Health Insurance Portability and Accountability Act (HIPAA), was updated in 2004 to require healthcare providers to obtain annual written authorization from a patient for certain disclosures of protected health information (PHI). Specifically, the following uses and disclosures of PHI require a signed patient authorization, which must be renewed annually:
- Uses or disclosures related to psychotherapy records
- Disclosures during marketing activities
- Disclosures involving the sale or licensing of PHI
- Use of PHI for research purposes
Once a patient has signed the authorization, the dental provider must provide instructions on how to access a copy or digital version of the signed authorization. Regarding the use and disclosure of PHI, dental providers must always make reasonable efforts to use or disclose only the “minimum necessary” PHI to accomplish the intended purpose of the use or disclosure.
For our subscribers of OSHA Review… for more information on HIPAA Compliance, please refer to the July/August 2022 Training Document in Section X of your OSHA Review binder. A sample Notice of Privacy Policy, a HIPAA plan template form, a sample business associate contract, breach documentation, and a HIPAA security risk analysis checklist are available from OSHA Review’s website.